IntSights, the external threat intelligence company, has researchers that have observed that Dark Web forums and online black markets are selling stolen log-in info to many YouTube accounts.
Cybercriminals have always seen the worth in YouTube channels since they consider them very valuable. They can use YouTube accounts to commit fraudulent activities such as spreading malware and scamming people.
YouTube accounts that are taken from credentials logs and compromised devices will sell for more cash when cybercriminals sell them on the Dark Web.
Less prominent channels aren't as valuable as more popular channels, but they are still worth some money. The owners of those smaller channels might be relying on their channels for their revenue, which will lead to the owners wanting to pay to get their accounts and its content back.
A poll was run by a hacking forum where they asked if users on the forum were interested in purchasing stolen YouTube channels, and the results showed that every 4 in 5 forum users would consider obtaining the stolen log-in info for stolen YouTube accounts.
Secret Online Auctions For Stolen YouTube Accounts
Ransomware groups are auctioning data they've stolen with their ransomware. Cybercriminals are also auctioning YouTube log-in information that they snatched from YouTube users in the same fashion.
A blog post from IntSights showed a peek into one of the auctions being held on an online black market. One seller was auctioning almost 700 YouTube accounts, where they had the starting price at $400. If someone wanted to buy every account right away, the seller had a Blitz price of $5000.
This particular auction was going to end when a whole day passed after the last bid, probably because the seller wanted to get the accounts off his hands and sold quickly before the accounts were taken back by the victims. The seller didn't want the victims to contact Google's support service and rescue their accounts before he got to sell them.
Attackers have a lot of methods for targeting owners of YouTube channels. But it seems that recent listings of YouTube accounts that have been sold on these black markets were swiped from databases that contained credentials for Google and stolen from computers that have been infected by malware.
IntSights has recommended that anyone with a YouTube account need to enable two-factor authentication so that they can protect their accounts from being stolen. Two-factor authentication makes it even more difficult for cybercriminals to gain control of the accounts in the beginning.
Read Also: You Can Now Mark Specific Content in YouTube with the New "Chapters" Feature: Here's How to Use It
How To Enable Two-Factor Authentication
The first thing you have to do to enable two-factor authentication on your YouTube account is to log in to your Google account. Next, click the icon in the top right of the screen, and then click My Account. On the next page, find and then click on Sign-In & Security.
Look for the Signing In section, and there will be the option to turn on 2-Step Verification. Click on it to turn it on. Now, you'll need to set it up.
When it prompts you to, click on Start Setup. If you haven't set up your Google account with your phone number, do so now. Next, click on Send Code. When Google sends you the code to your phone, enter it into the form and click on Verify.
You've almost set up two-factor authentication. If you're using a private computer, click on the checkbox next to Trust this computer and click next. You have successfully set up your number and the device (if you trust it) with Google's 2-Step Verification feature. To finalize the process, click on Confirm.
When you finished the entire set-up process, you'll be directed to Google's two-factor authentication settings page. On this page, you can review the settings and add backup numbers.
When you sign in the next time, you'll receive a text with a verification code. That's how two-factor authentication is set up with your YouTube account.
Read Also: Huawei: Goodbye Youtube, Hello Dailymotion